Author: nion Date: 2007-08-16 12:54:06 +0000 (Thu, 16 Aug 2007) New Revision: 6337 Modified: data/CVE/list Log: impact for CVE-2006-5872 medium Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-16 10:05:15 UTC (rev 6336) +++ data/CVE/list 2007-08-16 12:54:06 UTC (rev 6337) @@ -9047,7 +9047,7 @@ CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in ...) NOT-FOR-US: Sun Solaris. CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...) - - sql-ledger <unfixed> (bug #409703) + - sql-ledger <unfixed> (bug #409703; medium) [etch] - sql-ledger <no-dsa> (Should only be used with trusted users) NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger NOTE: is not secure with untrusted users.
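Review bot: the commit log reads "impact for CVE-2006-5872 medium", but the hunk only touches the CVE-2007-0667 entry (`- sql-ledger <unfixed> (bug #409703; medium)`); the log message should name the entry actually changed. The `medium` annotation is also added without a recorded reason, while the neighbouring `[etch] - sql-ledger <no-dsa> (Should only be used with trusted users)` line and the README.Debian NOTE record that the package is only supported with trusted users; stating the rationale next to the severity, or in the log, would make the triage decision reviewable later.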
Nico Golde
2007-Aug-16 13:01 UTC
[Secure-testing-team] [Secure-testing-commits] r6337 - data/CVE
Hi,

* nion at alioth.debian.org <nion at alioth.debian.org> [2007-08-16 14:55]:
[...]
> CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...) > - - sql-ledger <unfixed> (bug #409703) > + - sql-ledger <unfixed> (bug #409703; medium) > [etch] - sql-ledger <no-dsa> (Should only be used with trusted users) > NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger > NOTE: is not secure with untrusted users.

Just wanted to comment this, noting the bug in README.Debian does not fix it and doesn't help users who don't read the file, just if someone wonders why I didn't set low :)

Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Moritz Muehlenhoff
2007-Aug-16 20:53 UTC
[Secure-testing-team] [Secure-testing-commits] r6337 - data/CVE
Nico Golde wrote:
> > CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...) > > - - sql-ledger <unfixed> (bug #409703) > > + - sql-ledger <unfixed> (bug #409703; medium) > > [etch] - sql-ledger <no-dsa> (Should only be used with trusted users) > > NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger > > NOTE: is not secure with untrusted users.
>
> Just wanted to comment this, noting the bug in README.Debian
> does not fix it and doesn't help users who don't read the
> file, just if someone wonders why I didn't set low :)

Please use debian-security-tracker at lists.debian.org for tracker relevant discussion. CCing.

It's certainly _not_ a medium issue, as it's completely beyond what is supported for this package. If you want more reliable ways to inform users than README.Debian.security then please help work on #436161.

Cheers,
Moritz